Test permissions for topic

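Tests IAM permissions for a topic. The call returns the subset of the requested permissions that the caller holds on the topic; it is intended for building permission-aware tools, not as an authorization check.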

Explore further

For detailed documentation that includes this code sample, see the following:

Code sample

C++

Before trying this sample, follow the C++ setup instructions in the Pub/Sub quickstart using client libraries . For more information, see the Pub/Sub C++ API reference documentation .

To authenticate to Pub/Sub, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .

  namespace iam = google::cloud::iam;
  namespace pubsub = google::cloud::pubsub;
  // Probes two permissions on one topic and prints the ones listed in the
  // response. When the call does not succeed, the status carried by the
  // response is thrown instead of anything being printed.
  [](std::string project_id, std::string topic_id) {
    pubsub::Topic const target(std::move(project_id), std::move(topic_id));
    iam::IAMPolicyClient policy_client(
        iam::MakeIAMPolicyConnection(pubsub::IAMPolicyOptions()));

    // The request names the topic and the permissions being probed.
    google::iam::v1::TestIamPermissionsRequest probe;
    probe.set_resource(target.FullName());
    probe.add_permissions("pubsub.topics.publish");
    probe.add_permissions("pubsub.topics.update");

    auto outcome = policy_client.TestIamPermissions(probe);
    if (!outcome) {
      throw std::move(outcome).status();
    }

    // Only permissions present in the response are written out; a probed
    // permission that is absent from it simply does not appear.
    std::cout << "Allowed permissions for topic " << target.FullName() << ":";
    for (auto const& granted : outcome->permissions()) {
      std::cout << " " << granted;
    }
    std::cout << "\n";
  }
 

C#

Before trying this sample, follow the C# setup instructions in the Pub/Sub quickstart using client libraries . For more information, see the Pub/Sub C# API reference documentation .

To authenticate to Pub/Sub, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .

  using 
  
  Google.Cloud.Iam.V1 
 
 ; 
 using 
  
  Google.Cloud.PubSub.V1 
 
 ; 
 public class TestTopicIamPermissionsSample
 {
     /// <summary>
     /// Sends a TestIamPermissions request for one topic, probing
     /// "pubsub.topics.get" and "pubsub.topics.update".
     /// </summary>
     /// <param name="projectId">Project ID used to build the topic resource name.</param>
     /// <param name="topicId">Topic ID used to build the topic resource name.</param>
     /// <returns>The response from the service, passed back unchanged.</returns>
     public TestIamPermissionsResponse TestTopicIamPermissions(string projectId, string topicId)
     {
         // The request is assembled before any client is created.
         var probe = new TestIamPermissionsRequest
         {
             ResourceAsResourceName = TopicName.FromProjectTopic(projectId, topicId)
         };
         probe.Permissions.Add("pubsub.topics.get");
         probe.Permissions.Add("pubsub.topics.update");

         // The IAM call goes through the publisher client's IAMPolicyClient.
         var publisherClient = PublisherServiceApiClient.Create();
         return publisherClient.IAMPolicyClient.TestIamPermissions(probe);
     }
 }
 

Go

Before trying this sample, follow the Go setup instructions in the Pub/Sub quickstart using client libraries . For more information, see the Pub/Sub Go API reference documentation .

To authenticate to Pub/Sub, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .

  import 
  
 ( 
  
 "context" 
  
 "fmt" 
  
 "io" 
  
 "cloud.google.com/go/iam/apiv1/iampb" 
  
 "cloud.google.com/go/pubsub/v2" 
 ) 
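 // testPermissions probes "pubsub.topics.publish" and "pubsub.topics.update"
 // on the topic projects/<projectID>/topics/<topicID>. Every permission in the
 // response is written to w as "Allowed: <permission>" and the same slice is
 // returned. A probed permission that is missing from the response is not
 // printed and is not treated as an error here.
 //
 // Errors from creating the client or from the TestIamPermissions call are
 // wrapped and returned with a nil slice.
 func testPermissions(w io.Writer, projectID, topicID string) ([]string, error) {
     // projectID := "my-project-id"
     // topicID := "my-topic"
     ctx := context.Background()
     client, err := pubsub.NewClient(ctx, projectID)
     if err != nil {
         return nil, fmt.Errorf("pubsub.NewClient: %w", err)
     }
     // Close the client on every return path so it is not leaked when this
     // function is called repeatedly.
     defer client.Close()

     req := &iampb.TestIamPermissionsRequest{
         Resource: fmt.Sprintf("projects/%s/topics/%s", projectID, topicID),
         Permissions: []string{
             "pubsub.topics.publish",
             "pubsub.topics.update",
         },
     }
     resp, err := client.TopicAdminClient.TestIamPermissions(ctx, req)
     if err != nil {
         return nil, fmt.Errorf("error calling TestIamPermissions: %w", err)
     }
     for _, perm := range resp.Permissions {
         fmt.Fprintf(w, "Allowed: %v\n", perm)
     }
     return resp.Permissions, nil
 }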
 

Java

Before trying this sample, follow the Java setup instructions in the Pub/Sub quickstart using client libraries . For more information, see the Pub/Sub Java API reference documentation .

To authenticate to Pub/Sub, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .

  import 
  
 com.google.cloud.pubsub.v1. TopicAdminClient 
 
 ; 
 import 
  
 com.google.iam.v1. TestIamPermissionsRequest 
 
 ; 
 import 
  
 com.google.iam.v1. TestIamPermissionsResponse 
 
 ; 
 import 
  
 com.google.pubsub.v1. ProjectTopicName 
 
 ; 
 import 
  
 java.io.IOException 
 ; 
 import 
  
 java.util.LinkedList 
 ; 
 import 
  
 java.util.List 
 ; 
 public class TestTopicPermissionsExample {

   /** Runs the sample with placeholder project and topic IDs. */
   public static void main(String... args) throws Exception {
     // TODO(developer): Replace these variables before running the sample.
     String projectId = "your-project-id";
     String topicId = "your-topic-id";

     testTopicPermissionsExample(projectId, topicId);
   }

   /**
    * Probes three permissions on one topic and prints the service's response after a "Tested:"
    * line.
    *
    * @param projectId project ID used to build the topic name
    * @param topicId topic ID used to build the topic name
    * @throws IOException declared for failures while creating or closing the client
    */
   public static void testTopicPermissionsExample(String projectId, String topicId)
       throws IOException {
     // try-with-resources closes the admin client when the block exits.
     try (TopicAdminClient adminClient = TopicAdminClient.create()) {
       String resource = ProjectTopicName.of(projectId, topicId).toString();

       // The permissions are added in the same order the sample has always sent them.
       TestIamPermissionsRequest probe =
           TestIamPermissionsRequest.newBuilder()
               .setResource(resource)
               .addPermissions("pubsub.topics.attachSubscription")
               .addPermissions("pubsub.topics.publish")
               .addPermissions("pubsub.topics.update")
               .build();

       TestIamPermissionsResponse answer = adminClient.testIamPermissions(probe);
       System.out.println("Tested:\n" + answer);
     }
   }
 }
 

Node.js

Before trying this sample, follow the Node.js setup instructions in the Pub/Sub quickstart using client libraries . For more information, see the Pub/Sub Node.js API reference documentation .

To authenticate to Pub/Sub, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .

  /**
   * TODO(developer): Uncomment this variable before running the sample.
   */
  // const topicNameOrId = 'YOUR_TOPIC_NAME_OR_ID';

  // Load the Pub/Sub client library.
  const {PubSub} = require('@google-cloud/pubsub');

  // One client instance, created once and reused by the function below.
  const pubSubClient = new PubSub();

  /**
   * Probes three permissions on a topic and logs what the library returns.
   *
   * @param {string} topicNameOrId Name or ID of the topic to probe.
   */
  async function testTopicPermissions(topicNameOrId) {
    const topicIam = pubSubClient.topic(topicNameOrId).iam;

    // The first element of the resolved array is the value that gets logged.
    const [permissions] = await topicIam.testPermissions([
      'pubsub.topics.attachSubscription',
      'pubsub.topics.publish',
      'pubsub.topics.update',
    ]);

    console.log('Tested permissions for topic: %j', permissions);
  }
 

Node.js

Before trying this sample, follow the Node.js setup instructions in the Pub/Sub quickstart using client libraries . For more information, see the Pub/Sub Node.js API reference documentation .

To authenticate to Pub/Sub, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .

  /**
   * TODO(developer): Uncomment this variable before running the sample.
   */
  // const topicNameOrId = 'YOUR_TOPIC_NAME_OR_ID';

  // Load the Pub/Sub client library.
  import {PubSub} from '@google-cloud/pubsub';

  // One client instance, created once and reused by the function below.
  const pubSubClient = new PubSub();

  /**
   * Probes three permissions on a topic and logs what the library returns.
   *
   * @param topicNameOrId Name or ID of the topic to probe.
   */
  async function testTopicPermissions(topicNameOrId: string) {
    const topicIam = pubSubClient.topic(topicNameOrId).iam;

    // The first element of the resolved array is the value that gets logged.
    const [permissions] = await topicIam.testPermissions([
      'pubsub.topics.attachSubscription',
      'pubsub.topics.publish',
      'pubsub.topics.update',
    ]);

    console.log('Tested permissions for topic: %j', permissions);
  }
 

PHP

Before trying this sample, follow the PHP setup instructions in the Pub/Sub quickstart using client libraries . For more information, see the Pub/Sub PHP API reference documentation .

To authenticate to Pub/Sub, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .

  use Google\Cloud\PubSub\PubSubClient; 
 /**
  * Probes three permissions on a topic and prints each entry of the result.
  *
  * Every entry returned by testPermissions() is printed on its own line as
  * "Permission: <entry>".
  *
  * @param string $projectId  The Google project ID.
  * @param string $topicName  The Pub/Sub topic name.
  */
 function test_topic_permissions($projectId, $topicName)
 {
     // Permissions submitted to the IAM check.
     $probed = [
         'pubsub.topics.attachSubscription',
         'pubsub.topics.publish',
         'pubsub.topics.update'
     ];

     $client = new PubSubClient(['projectId' => $projectId]);
     $returned = $client->topic($topicName)->iam()->testPermissions($probed);

     foreach ($returned as $name) {
         printf('Permission: %s' . PHP_EOL, $name);
     }
 }
 

Python

Before trying this sample, follow the Python setup instructions in the Pub/Sub quickstart using client libraries . For more information, see the Pub/Sub Python API reference documentation .

To authenticate to Pub/Sub, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .

  from google.cloud import pubsub_v1

  # TODO(developer): Choose an existing topic.
  # project_id = "your-project-id"
  # topic_id = "your-topic-id"

  client = pubsub_v1.PublisherClient()
  topic_path = client.topic_path(project_id, topic_id)

  # Permissions to probe on the topic.
  permissions_to_check = ["pubsub.topics.publish", "pubsub.topics.update"]

  # The request is a plain dict naming the topic and the probed permissions.
  request = {"resource": topic_path, "permissions": permissions_to_check}
  allowed_permissions = client.test_iam_permissions(request=request)

  # The response object is formatted as-is into the message.
  message = "Allowed permissions for topic {}: {}".format(topic_path, allowed_permissions)
  print(message)
 

Ruby

Before trying this sample, follow the Ruby setup instructions in the Pub/Sub quickstart using client libraries . For more information, see the Pub/Sub Ruby API reference documentation .

To authenticate to Pub/Sub, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .

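  # topic_id = "your-topic-id"

  pubsub = Google::Cloud::PubSub.new
  # NOTE(review): topic_admin is not used below; the IAM call goes through pubsub.iam.
  topic_admin = pubsub.topic_admin

  # Permissions to probe on the topic.
  permissions = ["pubsub.topics.attachSubscription", "pubsub.topics.publish", "pubsub.topics.update"]

  response = pubsub.iam.test_iam_permissions \
    resource: pubsub.topic_path(topic_id),
    permissions: permissions

  # Every check reads response.permissions. The local `permissions` array is
  # the request itself, so testing it would report a permission as held no
  # matter what the service answered.
  puts "Permission to attach subscription" \
    if response.permissions.include? "pubsub.topics.attachSubscription"
  puts "Permission to publish" \
    if response.permissions.include? "pubsub.topics.publish"
  puts "Permission to update" \
    if response.permissions.include? "pubsub.topics.update"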
 

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser .
